Chapter 2. The pki utility
The
pki utility allows clients to access PKI services on the Certificate System server. The utility provides a number of commands and subcommands designed to perform various operations, such as user or group management, certificate management, profile management, and others.
To display all available
pki commands and options, run pki without any arguments:
$ pki usage: pki [OPTIONS..] <command> [ARGS..] -c <password> Security database password -d <database> Security database location (default: ~/.dogtag/nssdb) ... Subsystems: ca CA management commands kra KRA management commands ocsp OCSP management commands ... Commands: client Client management commands cert Certificate management commands group Group management commands ...
Some
pki commands have subcommands. To display subcommands available with a particular pki command, run the command without any options. For example, to display the subcommands available with the pki client command:
$ pki client Commands: client-init Initialize client security database client-cert-find Find certificates in client security database client-cert-import Import certificate into client security database ...
2.1. Connection Parameters
The
pki utility connects to the PKI server with the following parameters by default:
- Protocol:
http - Host name:
localhost - Port:
8080
You can specify custom parameters manually by adding the following options to any of the
pki commands:
-Pspecifies the protocol-hspecifies the host name-pspecifies the port
For example:
pki -P https -h server.example.com -p 8443 cert-find
You can also specify the connection parameters as a URL. To do this, provide the URL in the protocol://hostname:port format using the
-U option. The subsystem is determined based on the command being executed. For example, the following command lists the certificates in the CA:
pki -U https://server.example.com:8443 cert-find
